Ben Hutchings <b...@decadent.org.uk> writes:

> Or with only parentheses added:
>
> XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1));

Yes, that looks simpler.

Confirmed this fixes the problem, at least on wheezy.

Without patch:

=== cut ===
(wheezy-amd64-default)root@prune:/tmp/brian/tmpZqKBg5/autotrace-0.31.1# valgrind autotrace --output-format=svg /tmp/text3336.png
==3358== Memcheck, a memory error detector
==3358== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3358== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3358== Command: autotrace --output-format=svg /tmp/text3336.png
==3358==
==3358== Invalid write of size 8
==3358==    at 0x4E45204: pstoedit_suffix_table_init.part.0 (output-pstoedit.c:103)
==3358==    by 0x4E452F3: pstoedit_suffix_table_lookup_shallow (output-pstoedit.c:149)
==3358==    by 0x4E4C033: at_splines_write (autotrace.c:375)
==3358==    by 0x4019C2: main (main.c:161)
==3358==  Address 0xa2cfc20 is 880 bytes inside a block of size 881 alloc'd
==3358==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==3358==    by 0x4E4517B: pstoedit_suffix_table_init.part.0 (output-pstoedit.c:87)
==3358==    by 0x4E452F3: pstoedit_suffix_table_lookup_shallow (output-pstoedit.c:149)
==3358==    by 0x4E4C033: at_splines_write (autotrace.c:375)
==3358==    by 0x4019C2: main (main.c:161)
==3358==
==3358== Invalid read of size 8
==3358==    at 0x4E452D1: pstoedit_suffix_table_lookup_shallow (output-pstoedit.c:145)
==3358==    by 0x4E4C033: at_splines_write (autotrace.c:375)
==3358==    by 0x4019C2: main (main.c:161)
==3358==  Address 0xa2cfc20 is 880 bytes inside a block of size 881 alloc'd
==3358==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==3358==    by 0x4E4517B: pstoedit_suffix_table_init.part.0 (output-pstoedit.c:87)
==3358==    by 0x4E452F3: pstoedit_suffix_table_lookup_shallow (output-pstoedit.c:149)
==3358==    by 0x4E4C033: at_splines_write (autotrace.c:375)
==3358==    by 0x4019C2: main (main.c:161)
==3358==
<?xml version="1.0" standalone="yes"?>
<svg width="124" height="30">
<path style="fill:#000000; stroke:none;" d="M0 0L0 30L124 30L124 0L0 0z"/>
</svg>
==3358==
==3358== HEAP SUMMARY:
==3358==     in use at exit: 16,978 bytes in 159 blocks
==3358==   total heap usage: 2,586 allocs, 2,427 frees, 1,958,726 bytes allocated
==3358==
==3358== LEAK SUMMARY:
==3358==    definitely lost: 9 bytes in 1 blocks
==3358==    indirectly lost: 0 bytes in 0 blocks
==3358==      possibly lost: 0 bytes in 0 blocks
==3358==    still reachable: 16,969 bytes in 158 blocks
==3358==         suppressed: 0 bytes in 0 blocks
==3358== Rerun with --leak-check=full to see details of leaked memory
==3358==
==3358== For counts of detected and suppressed errors, rerun with: -v
==3358== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 6 from 6)
=== cut ===

With patch:

=== cut ===
(wheezy-amd64-default)root@prune:/tmp/brian/tmpZqKBg5/autotrace-0.31.1# valgrind autotrace --output-format=svg /tmp/text3336.png
==3546== Memcheck, a memory error detector
==3546== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==3546== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==3546== Command: autotrace --output-format=svg /tmp/text3336.png
==3546==
<?xml version="1.0" standalone="yes"?>
<svg width="124" height="30">
<path style="fill:#000000; stroke:none;" d="M0 0L0 30L124 30L124 0L0 0z"/>
</svg>
==3546==
==3546== HEAP SUMMARY:
==3546==     in use at exit: 16,985 bytes in 159 blocks
==3546==   total heap usage: 2,586 allocs, 2,427 frees, 1,958,733 bytes allocated
==3546==
==3546== LEAK SUMMARY:
==3546==    definitely lost: 9 bytes in 1 blocks
==3546==    indirectly lost: 0 bytes in 0 blocks
==3546==      possibly lost: 0 bytes in 0 blocks
==3546==    still reachable: 16,976 bytes in 158 blocks
==3546==         suppressed: 0 bytes in 0 blocks
==3546== Rerun with --leak-check=full to see details of leaked memory
==3546==
==3546== For counts of detected and suppressed errors, rerun with: -v
==3546== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 6 from 6)
=== cut ===

-- 
Brian May <b...@debian.org>
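
Added example, not part of the original message or of autotrace's source: the size arithmetic behind the two valgrind runs above. It assumes the unpatched expression was the quoted XMALLOC size without the added parentheses and 8-byte pointers (amd64), which matches the 881-byte block in the report; the driver count 55 is derived from that figure, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed unpatched size: "+ 1" adds one BYTE, not one pointer slot. */
static size_t table_bytes_unpatched(size_t n)
{
    return sizeof(char *) * 2 * n + 1;
}

/* Size with the parentheses from the thread: 2*n entries plus a NULL slot. */
static size_t table_bytes_patched(size_t n)
{
    return sizeof(char *) * (2 * n + 1);
}

/* Bytes by which a pointer store into slot `index` runs past the block. */
static size_t overrun_bytes(size_t block_bytes, size_t index)
{
    size_t end = (index + 1) * sizeof(char *);
    return end > block_bytes ? end - block_bytes : 0;
}

/* Hypothetical hardened allocator: count-based, overflow-checked, and
 * zero-filled so the terminator slot is NULL from the start. */
static char **alloc_suffix_table(size_t n)
{
    if (n > (SIZE_MAX / sizeof(char *) - 1) / 2)
        return NULL;
    return calloc(2 * n + 1, sizeof(char *));
}

int main(void)
{
    size_t n = 55;       /* derived: 880 / (2 * 8) from the valgrind report */
    size_t last = 2 * n; /* terminator slot, byte offset 880 on amd64 */
    char **t = alloc_suffix_table(n);

    printf("unpatched: %zu bytes, overrun %zu\n", table_bytes_unpatched(n),
           overrun_bytes(table_bytes_unpatched(n), last));
    printf("patched:   %zu bytes, overrun %zu\n", table_bytes_patched(n),
           overrun_bytes(table_bytes_patched(n), last));
    printf("calloc table terminator is %s\n", t && !t[last] ? "NULL" : "bad");
    free(t);
    return 0;
}
```

On amd64 the unpatched block is 7 bytes short for the terminator store, which is also the 7-byte difference in "in use at exit" between the two runs (16,978 and 16,985 bytes).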